package com.cloud.utils;

import com.cloud.common.enums.ScopeType;
import com.cloud.domain.LoginUser;
import com.cloud.entity.SysRole;
import com.cloud.exception.CustomException;
import com.cloud.exception.LoginException;
import org.apache.commons.lang3.ObjectUtils;

import java.util.ArrayList;
import java.util.List;

/**
 * SQL数据权限过滤工具
 *
 * @author yzj
 */
public class SQLFilterUtils {

    /**
     * 数据范围过滤
     *
     * @param deptAlias 关联部门表名称
     * @param userAlias 关联用户表名称
     * @return
     */
    public static String sqlFilter(String deptAlias, String deptField, String userAlias, String userField) {
        LoginUser loginUser = SecurityUtils.getLoginUser();
        if (ObjectUtils.isNotEmpty(loginUser)) {
            StringBuilder builder = setDataScope(loginUser, deptAlias, deptField, userAlias, userField);
            if (StringUtils.isNotBlank(builder)) {
                return " AND (" + builder.substring(4) + ")";
            }
        } else {
            throw new CustomException(LoginException.USER_NO_LOGIN_INVALID.getCode(),
                    LoginException.USER_NO_LOGIN_INVALID.getMsg());
        }
        return null;
    }

    /**
     * 设置账户角色数据权限
     *
     * @param loginUser
     */
    public static StringBuilder setDataScope(LoginUser loginUser, String deptAlias, String deptField,
                                             String userAlias, String userField) {
        StringBuilder builder = new StringBuilder();
        List<String> conditions = new ArrayList<>();
        if (ObjectUtils.isNotEmpty(loginUser.getUserProject())) {
            for (SysRole role : loginUser.getUserProject().getRoleList()) {
                String dataScope = role.getDataScope();
                if (!ScopeType.DATA_SCOPE_CUSTOM.getCode().equals(dataScope) && conditions.contains(dataScope)) {
                    continue;
                } else if (ScopeType.DATA_SCOPE_ALL.getCode().equals(dataScope)) {
                    builder = new StringBuilder();
                    return builder;
                } else if (ScopeType.DATA_SCOPE_CUSTOM.getCode().equals(dataScope)) {
                    builder.append(StringUtils.format(" OR {}.{} IN ({}) ", deptAlias, deptField,
                            loginUser.getUserProject().getRoleDeptScope().get(role.getRoleId())));
                } else if (ScopeType.DATA_SCOPE_DEPT.getCode().equals(dataScope)) {
                    builder.append(StringUtils.format(" OR {}.{} = {} ", deptAlias, deptField,
                            loginUser.getUser().getDeptId()));
                } else if (ScopeType.DATA_SCOPE_DEPT_AND_CHILD.getCode().equals(dataScope)) {
                    builder.append(StringUtils.format(" OR {}.{} IN ({}) ", deptAlias, deptField,
                            loginUser.getDeptAfterScope()));
                } else if (ScopeType.DATA_SCOPE_SELF.getCode().equals(dataScope)) {
                    if (StringUtils.isNotBlank(userAlias)) {
                        builder.append(StringUtils.format(" OR {}.{} = {} ", userAlias, userField,
                                loginUser.getUser().getUserId()));
                    } else {
                        // 数据权限为仅本人且没有userAlias别名不查询任何数据
                        builder.append(" OR 1=0 ");
                    }
                }
                conditions.add(dataScope);
            }
        }
        return builder;
    }

}
